The present invention relates to data communications equipment and to computer systems. In particular, this invention relates to the use of data communications equipment to provide secure access to a computer system.
The use of computers in today's world is continually on the increase, from main-frames to personal computers more and more people are using computer systems. In fact, it is the accessibility of a computer itself, via a modem and the public switched telephone network (PSTN), that allows almost anyone to benefit from the use of a computer. Unfortunately, this "dial-up" accessibility also seems to attract "intruders," i.e., illegitimate users of a computer system. As a result, the security of a computer system, or even a network of computers, as to both the integrity and distribution of the information stored on a computer is an item of continuing concern to the legitimate owners and operators of computers. In response to this need of prodding some type of access security to a computer system a number of alternatives have been proposed.
Some approaches utilize the well-known "automatic number identification" (ANI) feature available from most public switched telephone network providers. For example, U.S. Pat. No. 5,003,595, issued to Collins et al. on Mar. 26, 1991, describes a system where a private branch exchange (PBX), upon answering an incoming data call, provides the calling party's ANI to an adjunct processor, i.e., computer, for analysis. This adjunct processor compares the calling party's ANI to a list of authorized ANI numbers. If the calling party's ANI is on this authorization list then the data call is completed. However, if the calling party's ANI is not on the list of numbers, the adjunct processor instructs the PBX not to answer the data call. In contrast to the Collins et al. patent, U.S. Pat. No. 5,301,246, issued Apr. 5, 1994 to Archibald et al. describes a modem that includes a list of authorized ANI numbers. For any incoming data call the modem compares the calling party's ANI to each of the authorized ANI numbers. The modem answers the incoming data call only if a match is found.
Another approach utilized by the prior an is the use of an individual's "biometric" information. In particular, an individual's voice print can be used to verify a person's identify. U.S. Pat. No. 4,876,717, issued to Barron et al. on Oct. 24, 1989, describes a system that includes a PBX in association with an adjunct processor. In this system, when a calling party wants to access a computer system, the calling party first establishes a "voice-call" to the system. Upon answering the voice-call, the PBX transfers the call to the adjunct processor. The latter prompts the calling party, via a voice recording, to speak a predefined identifying phrase. As the calling party speaks this phrase the adjunct processor generates a voiceprint of the calling party. After generating the calling party's voiceprint, the calling party is instructed to "hang-up." The adjunct processor than compares the calling party's voiceprint to a set of voiceprints that represent authorized users. If there is a match between the calling party's voiceprint and a voiceprint of an authorized user, the adjunct processor calls back the calling party to establish a data call between a host computer coupled to the PBX and the calling party. In making this second telephone call, the adjunct processor uses a telephone number that is a priori associated with the, now identified, calling party.
The above-mentioned prior art, while providing secure arrangements to access computers, arc not the complete answers to the problem. For example, the Collins et al. and Archibald et al. approaches utilize the calling party's ANI, but this does not guarantee the calling party is the actual person authorized to use the computer system. It only guarantees, to a degree, the location of the calling party in the public switched telephone network. On the other hand, the Barron et al. patent, albeit providing a better identification of the actual calling party, requires two telephone calls, one to identify the calling party and one to establish the data call upon verification of the calling party. In addition, since this system initiates the data call using a predefined telephone number, the original calling party must be at the location associated with this predefined telephone number absent the use of any sophisticated call forwarding arrangements. As a result, the two-call approach is usually impractical for a person who is on a business trip.